CVE-2018-25411
Description
MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table and column names.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
MGB OpenSource Guestbook 0.7.0.2 and prior have an unauthenticated SQL injection in email.php allowing database extraction.
Vulnerability
MGB OpenSource Guestbook versions 0.7.0.2 and earlier contain an SQL injection vulnerability in email.php. The id GET parameter is not properly sanitized, allowing unauthenticated attackers to inject arbitrary SQL commands. The code path is reachable without any prior authentication or configuration [3].
Exploitation
An attacker sends a crafted GET request to email.php with a malicious SQL payload in the id parameter. For example, appending ' OR '1'='1' -- - or a UNION-based injection to extract database metadata. No user interaction or privileged access is required; the attacker only needs network access to the guestbook instance [3].
Impact
Successful exploitation allows an unauthenticated attacker to extract sensitive database contents, including table and column names, and potentially other stored data. The CVSS v4 vector indicates high confidentiality impact and low integrity impact, suggesting limited write access may also be possible. The attacker gains the ability to read (and possibly modify) the underlying database [3].
Mitigation
The vulnerability is fixed in MGB OpenSource Guestbook version 0.7.1, released on 13 February 2026 [1], and the subsequent hotfix 0.7.1.1 released on 20 February 2026 [1]. Users running any version prior to 0.7.1 should upgrade immediately. No workarounds have been disclosed. The CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of publication.
AI Insight generated on May 30, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: = 0.7.0.2
- Range: =0.7.0.2
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input sanitization on the 'id' parameter in email.php allows SQL injection."
Attack vector
An unauthenticated attacker sends a crafted GET request to `email.php` with malicious SQL code in the `id` parameter. Because the parameter is not sanitized before being used in a database query, the attacker can extract sensitive data such as table and column names. The attack requires no authentication and can be performed over the network with low complexity. [ref_id=1]
Affected code
The vulnerability resides in `email.php` of MGB OpenSource Guestbook 0.7.0.2. The `id` parameter is passed unsanitized into an SQL query, allowing unauthenticated attackers to inject arbitrary SQL statements.
What the fix does
The patch does not appear in the provided bundle. Based on the advisory, the fix would require sanitizing or parameterizing the `id` parameter in `email.php` before it is used in an SQL query. Without a published patch, the recommended remediation is to upgrade to a version where the input is properly validated.
Preconditions
- networkThe attacker must be able to send HTTP GET requests to the vulnerable email.php endpoint.
- authNo authentication or prior access is required.
- inputThe vulnerable parameter 'id' must be accepted by the application without sanitization.
Generated on May 30, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4News mentions
0No linked articles in our index yet.